Systems and methods for certificate chain validation of secure elements

ABSTRACT

In certificate chain validation, a parent certificate is used to validate a child certificate. The child certificate can indicate which parent certificate can be used to validate it. In some situations, a child certificate may not contain a certificate authority identifier that can be used to identify the parent certificate. Instead, the child certificate can contain a hash value of a modulus of the parent public key that can be used to identify the parent certificate. The hash value of the modulus of the parent public key can be associated with the parent public key. As such, the parent public key used in certificate chain validation of the child certificate can be identified using the hash value of the modulus of the parent public key.

BACKGROUND

Computing devices may use public key cryptography for authentication.For example, a computing device can store a certificate that can beauthenticated using certificate chain validation. Certificate chainvalidation is an iterative process that validates the signature of asigned certificate using the public key of a parent certificate in achain of certificates. This process continues iteratively until a rootpublic key of a certificate authority is used to validate the signatureof the prior certificate within the chain of certificates. Thus, thecomputing device may be authenticated by virtue of the entirecertificate chain being validated by the certificate authority, which isa trusted entity. Once a computing device has been authenticated, aservice provider may provide account information or services to thecomputing device or to a user of the computing device.

Many computing devices are capable of being authenticated through acertificate chain validation process. For example, smartphones and othermobile devices comprise a secure element (e.g., a microchip havingseparate and secure memory and execution) that stores signedcertificates for authentication. The secure elements of such devices maybe loaded with the authentication certificates during the manufacturingprocess. However, some devices may have secure elements storingcertificates that have limited authentication capabilities. Suchauthentications limitations may be due to the narrow scope of thedevice's intended use (e.g., the device was intended to be authenticatedby a single certificate authority). It may be impractical or impossibleto load additional certificates onto existing secure elements.Furthermore, it would be costly and time consuming to manufacture newsecure elements having more robust authentication capabilities.

Embodiments of the present invention address these and other problemsindividually and collectively.

BRIEF SUMMARY

Some embodiments of the invention relate to systems and methods forauthenticating a device, e.g., smart phone, smartwatch, or activitytracker device. Such devices can store certificates that can be providedto authentication server. The authentication server can validate adevice certificate using a certificate chain validation process. Thisprocess can involve identifying a parent certificate of the devicecertificate and then validate the device (child) certificate using theparent certificate. In some cases, the authentication server can store aplurality of parent certificates for validating certificates from avariety of different devices. The authentication server can determinewhich parent certificate to use for authenticating a certain childcertificate based on an identifier of the parent certificate that isincluded in that child certificate.

Some devices may have limited authentication capabilities. For example,the device certificate may not identify the parent certificate that canbe used to validate the device certificate. Such device certificates maybe used in authentication systems where there is only one, or a limitednumber of, parent certificates that are used for authentication.However, in authentication systems that use a plurality of differentparent certificates for authenticating a variety of different devices,it may be impractical or impossible for the authentication server toauthenticate certificates that do not identify the parent certificatedue to the large number of parent certificates used for authentication.

While it may not be possible to load new certificates onto certaindevices due to security constraints, it may be possible to add anidentifier of the parent certificate to an existing certificate on adevice. For example, a device storing a certificate that does notidentify its parent certificate may have a second identifier written toit that can be used for identify the parent certificate. This secondidentifier can be written to a discretionary data field of thecertificate, for example. As such, the authentication server canidentify the parent certificate using either the identifier of theparent certificate or using the second identifier that was written tothe certificate. The second identifier of the parent certificate may bea “Secure Hash Algorithm 1” (SHA-1) hash value of the modulus of thepublic key of the parent certificate. The authentication server can usethis hash value to identify the parent certificate. The authenticationserver can identify the parent certificate corresponding to secondidentifier value using a table or database containing associations ofsecond identifiers to parent certificates or parent public keys. Assuch, the authentication server can identify which parent certificate touse for validation of a child certificate using two differentidentifiers, the original parent identifier or second identifier valuewritten later. Therefore, the parent certificate of a device certificatecan be identified even if the device certificate does not originallyinclude a parent certificate identifier at the time of manufacturing.

Other embodiments are directed to systems, devices, and computerreadable media associated with the authentication methods describedherein.

A better understanding of the nature and advantages of embodiments ofthe present invention may be gained with reference to the followingdetailed description and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a system for providing a certificate to a device forauthenticating with an authentication server, in accordance with someembodiments.

FIG. 2 shows an authentication method that includes identifying a parentcertificate for validating a child certificate, according to someembodiments.

FIG. 3 shows a block diagram components of a device including a secureelement, according to some embodiments.

FIG. 4 shows a block diagram of components of an authentication server,according to some embodiments.

FIG. 5 shows a flowchart of a method for identifying a parentcertificate and validating a child certificate, according to someembodiments.

FIG. 6 shows a message flow diagram for authenticating a secure elementmicrochip, according to some embodiments.

TERMS

Prior to discussing embodiments of the invention, description of someterms may be helpful in understanding embodiments of the invention.

The term “server computer” refers to a computer or cluster of computingdevices. For example, the server computer can be a large mainframe, aminicomputer cluster, or a group of servers functioning as a unit. Theserver computer may be coupled to a database and may include anyhardware, software, other logic, or combination of the preceding forservicing the requests from one or more client computers. In oneexample, the server computer may be a database server coupled to a Webserver. The server computer can comprise one or more computationalapparatuses and may use any of a variety of computing structures,arrangements, and compilations for servicing requests received from oneor more client computers.

The term “public/private key pair” refers to a pair of linkedcryptographic keys generated by an entity (e.g., a computer or anelectronic device). The public key may be used for public functions suchas encrypting a message to send to the entity or for verifying a digitalsignature which was supposedly made by the entity. The private key, onthe other hand may be used for private functions such as decrypting areceived message or applying a digital signature. The public key willusually be authorized by a body known as a Certification Authority (CA)which stores the public key in a database and distributes it to anyother entity which requests it. The private key will typically be keptin a secure storage medium and will usually only be known to the entity.However, the cryptographic systems described herein may feature keyrecovery mechanisms for recovering lost keys and avoiding data loss.Public and private keys may be in any suitable format, including thosebased on RSA or elliptic curve cryptography (ECC).

A “digital signature” or “signature” refers to the result of applying analgorithm (e.g., a hashing algorithm) based on a public/private keypair, which allows a signing party to manifest, and a verifying party toverify, the authenticity and integrity of a document. The signing partyacts by means of the private key and the verifying party acts by meansof the public key. This process certifies the authenticity of thesender, the integrity of the signed document, and the so-calledprinciple of nonrepudiation, which does not allow disowning what hasbeen signed. A certificate or other data that is used to create adigital signature by a signing party is said to be “signed” by thesigning party.

A “certificate” or “digital certificate” may include an electronicdocument or data file that uses a digital signature to bind a public keywith data associated with an identity. The certificate may include oneor more data fields, such as the legal name of the identity, a serialnumber of the certificate, a valid-from and valid-to date for thecertificate, certificate-related permissions, etc. A certificate maycontain a “valid-from” date indicating the first date the certificate isvalid, and a “valid-to” date indicating the last date the certificate isvalid. A certificate may also contain a hash of the data in thecertificate. Unless otherwise noted, each certificate is signed by acertificate authority. The certificates may be a controlling authoritysecurity domain (CASD) certificate. The certificates may be validatedper the X.509 standard.

A “certificate authority” (CA) may include one or more server computersoperatively coupled to issue certificates to entities. The CA may proveits identity using a CA certificate, which includes the CA's public key.The CA certificate may be signed by another CA's private key, or may besigned by the same CA's private key. The latter is known as aself-signed certificate. The CA may maintain a database of allcertificates issued by the CA, and may also maintain a list of revokedcertificates. Typically, the certificate authority receives an unsignedcertificate from an entity whose identity is known. The unsignedcertificate includes a public key, one or more data fields, and asignature (e.g., a hash of data in the certificate). The CA signs thecertificate with a private key corresponding to the public key includedin the CA certificate. The CA may then store the signed certificate in adatabase, and issue the signed certificate to the entity.

The term “certificate chain validation” refers to is an iterativeprocess that validates the signature of the first signed certificatewithin a chain of certificates using a public key of the signer of thefirst certificate. The public key of the signer of the first certificateis included in the second certificate within the chain of certificates.The second certificate may be validated similarly. This processcontinues iteratively until a root public key of a certificate authorityis used to validate the signature of the prior certificate within thechain of certificates. Thus, the computing device may be authenticatedby virtue of the certificate chain being validated by the certificateauthority, which is a trusted entity. Once a computing device has beenauthenticated, a service provider may provide account information orservices to the computing device or a user of the computing device.

An “encryption key” may include any data value or other informationsuitable to cryptographically encrypt data. A “decryption key” mayinclude any data value or other information suitable to decryptencrypted data. In some cases, the same key used to encrypt data may beoperable to decrypt the data. Such a key may be known as a symmetricencryption key.

A “tag” or “certificate tag” refers to data field within a certificatethat is associated with a specific identifier. The tag is associatedwith a value of the data field. A certificate may have a plurality oftags and associated values that may be used during an authenticationprocess. The tag identifier may be a hexadecimal identifier (e.g., “42,”“5F20,” or “53,” or “5F37”). The tag may have a minimum or maximumbit-length (e.g., 1-16 bytes, or 4 bytes) and a specified description(e.g., “certificate serial number,” “CA identifier,” “subjectidentifier,” or “discretionary data”). In some cases, a tag may be blankor null (e.g., when the associated value is unknown).

A “secure element” refers to a tamper-resistant platform (e.g., a securemicrochip comprising a secure microcontroller and secure memory) capableof securely executing applications and storing data (e.g. cryptographickeys). A secure element may be embedded within a computing device itselfor it may be embedded within a subscriber identity module (SIM). Thesecure element may be secure because data stored within the secureelement cannot be directly access, as memory can be accessed, butinstead can only be accessed via requests made to the microcontroller ofthe secure element, which may implement a set of rules and requirementsfor access. Secure elements may via electrical contacts or via acontactless interface (e.g., near-field communications).

DETAILED DESCRIPTION

Service providers may only provide data or services to computing devicesthat can be authenticated in order to prevent unauthorized access.Devices can store certificates that can be authenticated using acertificate chain validation process. In certificate chain validation,each certificate can be iteratively validated using the next certificatein the parent-child hierarchy. For example, a device certificate can bevalidated using a public key of a first parent certificate, and thefirst parent certificate can be validate using a root public key of aroot certificate. In this example, the first parent certificate is theparent of the device certificate and the root certificate is the parentof the first parent certificate. The root certificate may beself-validated.

In a typical certificate chain validation process, the parent public keycorresponding to a particular child certificate is identified, and thatparent public key is used to validate the signature of the childcertificate. Typically, the certificate authority that signed a childcertificate may be identified by a CA identifier (e.g., parentcertificate identifier) in the child certificate. A device beauthenticated if each certificate within the parent-child hierarchy,starting from the device certificate, can be identified and validated.

Identifying which parent certificate to use for validation of a childcertificate may be problematic if the child certificate does not containan identifier of its parent certificate. For example, certain secureelement microchips are manufactured with signed certificates that do notinclude a CA identifier value. These microchips may be used inauthentication systems where the CA does not need to be identifiedbecause the authentication server only uses a single CA root certificatefor authentication. However, in other authentication systems, theauthentication server can store a plurality of root certificates forauthentication. Therefore, an authentication server needs to identifythe CA root certificate that corresponds to the received devicecertificate. However, it may not be possible to write the CA identifierto an existing certificate, particularly when the existing certificateis in a secure element of a device. Furthermore, it may be impracticalor impossible for an authentication server to identify the proper CAroot certificate through trial-and-error due to the computationalcomplexity of validating the signature and the large number of rootcertificates stored at the authentication server. Therefore, it may notbe possible for some certificates to be used in certain authenticationsystems if the certificates do not have a CA identifier value in the CAidentifier field.

Systems and methods that address this problem are described below.

I. Authentication of Secure Elements Using Certificate Chain Validation

Secure element microchips can store certificates for authenticating witha service provider. These certificates may be validated using acertificate chain validation process in which the certificate authoritythat signed the certificate is identified, and the public key of thatcertificate authority is used to verify the signature of thecertificate. Typically, a certificate has a CA identifier tag that isused to identify the corresponding certificate authority that signedthat certificate. However, certain secure element microchips aremanufactured without a CA identifier value stored in the certificate.These microchips may be provided to device manufacturers thatmanufacture devices for a wide range of purposes. Some service providersmay only provide services to one type of device. If the secure elementsof those devices are provided by one device microchip manufacturer, thenonly one certificate authority public key may be used to authenticatethose devices. Accordingly, the service provider does not need toidentify which certificate authority public key to use forauthentication because only one public key may be used.

However, some service providers provide services to a number ofdifferent types devices comprising different secure element microchips.Accordingly, an authentication server of the service provider can storenumerous different certificate authority public keys for authenticatingdifferent devices. Devices having certificates that do not identifytheir corresponding certificate authority may not be able to be usedwith such service providers since the services provider may not be ableto identify which of the numerous different certificate authority publickeys to use for authenticating such devices.

A. System for Authenticating Secure Elements Using Certificate ChainValidation

An improved system for authenticating secure elements using certificatechain validation is described herein. In some embodiments, a hash valueor other identifier value derived from the parent public key may bewritten to a discretionary data field of the certificate within thesecure element. As such, the certificate authority of that certificatecan be identified even if the certificate does not include a CAidentifier tag value to identify the certificate authority.

FIG. 1 shows a system 100 for providing a certificate to a device 132for authenticating with an authentication server 122, in accordance withsome embodiments. The system 100 includes a microchip manufacturer 110.The microchip manufacturer 110 may be a manufacture of semiconductorchips including secure element microchips. The microchip manufacturer110 can manufacture a secure element 112, which is a microchip that canbe embedded within the device 132.

A microchip certificate 114 can be stored in the secure element 112during an onboarding process. The microchip certificate 114 includes amicrochip public key and a signature. The signature of the microchipcertificate 114 may be generated by signing the microchip public key,and potentially other data, using a certificate authority (CA) privatekey 116 of the microchip manufacturer 110. In this embodiment, microchipmanufacturer 110 can act as the certificate authority for the microchipcertificate 114. In other embodiments, a different entity may be thecertificate authority of the microchip certificate 114.

A CA root certificate 117 (including a public key that corresponds to CAprivate key 116) of the microchip manufacturer 110 may be used tovalidate the signature of the microchip certificate 114. As such, themicrochip certificate 114 is the “child” and the CA root certificate 117is the “parent” within a parent-child hierarchy for certificate chainvalidation. In some embodiments, the CA root certificate 117 may be“self-signed” by the CA private key 116. The secure element 112 alsocontains a microchip private key 115 corresponding to the microchippublic key of the microchip certificate 114. The microchip private key115 and the microchip public key form a cryptographic key pair. Themicrochip certificate 114 also includes a plurality of certificate tags.

Typically, digital certificates include a public key, a signature, and aplurality of certificate tags. These tags may indicate a serial numberof the certificate, an effective date of the certificate, an expirationdate of the certificate, a CA identifier of the CA that signed thecertificate, or other various other details and parameters forauthentication using the certificate. Table 1 below shows tags in acertificate, the bit-length of the corresponding tag, and a descriptionof the values within those tags.

TABLE 1 Tag Length Description 7F21 Variable Certificate 93 1-16Certificate Serial Number 42 Variable CA Identifier 5F20 1-16 SubjectIdentifier 95 1 Key Usage 5F25 4 Effective Date 5F24 4 Expiration Date45 Variable CA Security Domain Image Number 53 1-127 Discretionary Data5F37 Variable Signature 5F38 Variable Public Key Modulus Remainder

As shown in Table 1, the value of Tag 42 of the certificate is the CAidentifier, which can be used to identify the parent public key forvalidating the certificate. The identifier in Tag 42 identifies thecertificate authority that signed the certificate. If the signingcertificate authority can be identified from the identifier of Tag 42,then the public key of that certificate authority can be identified andused to validate the signature of the certificate. Thus, anauthentication server may identify the public key of the certificateauthority that signed the certificate based on the value of Tag 42.

While the microchip certificate 114 is signed by the CA root certificate117 of the microchip manufacturer 110, the microchip certificate 114 maynot include an identifier that identifies the CA root certificate 117 orthe microchip manufacturer 110. That is, the microchip certificate 114does not include a CA identifier value in Tag 42 of the microchipcertificate 114. For example, the CA identifier value may be a value ofzero, an empty value, or a NULL value. As such, the microchipcertificate 114 with its present tag values may not be authenticated inan authentication system that uses multiple CA root certificates forauthentication.

An identifier value for the CA root certificate 117 may not be writtento the microchip certificate 114 of the secure element 112 because themicrochip certificate 114 has already been signed using the CA privatekey 116. Furthermore, it may be impractical for the microchipmanufacturer 110 to change their manufacturing and onboarding process toinclude the CA identifier value in Tag 42 of each microchip'scertificate for backward compatibility reasons. Even though the CAidentifier Tag 42 may not be changed after the microchip certificate 114has been signed, other tags of the microchip certificate 114 may bechanged after the CA signs the microchip certificate. An identifier ofthe CA may be written to such tags.

In some embodiments, an key identifier identifying the CA root publickey of the CA root certificate 117 may be written to the discretionarydata of the microchip certificate 114. As shown in Table 1 above, Tag 53contains discretionary data. The discretionary data of Tag 53 caninclude fields for name-value pairs. In this embodiment, Tag 53 of themicrochip certificate 114 includes a new field to enable validation ofthe microchip certificate 114 using the CA root certificate 117. In someembodiments, the name of this new field may be called “CA” and the valueof the new field may be a Secure Hash Algorithm 1 (SHA-1) hash value ofa modulus of the parent public key (e.g., the CA root public key of theCA root certificate 117). This new field of Tag 53 is shown in Table 2below.

TABLE 2 Name Length Description CA 20 SHA-1 hash value of the parentpublic key modulus

Public keys contain a modulus and an exponent. While the value of theexponent is typically the same between different public keys (e.g., theexponent typically has the value of “3” or “65537”), the value of themodulus is different between different public keys. Accordingly, themodulus of a public key may be used to identify that public key. Whilethe modulus of the public key may be used to identify the public key,the modulus of the public key may be hashed using the SHA-1 algorithm sothat the public key is not specifically identifiable from the hash valuealone. Thus, Tag 53 of the microchip certificate 114 can store aname-value pair including the name “CA” and the SHA-1 hash value of thepublic key modulus of the CA root public key of the CA root certificate117. In some embodiments, the microchip manufacturer 110 may write the“CA” name and SHA-1 hash value of the parent public key modulus to Tag53. In other embodiments, this name-value pair may be written by adifferent entity.

The microchip manufacturer 110 may provide microchips to one or moredevice manufacturers. In this embodiment, the microchip manufacturerprovides their microchips, including the secure element 112, to a devicemanufacturer 130. The device manufacturer 130 may manufacture orassemble computing devices including secure elements for secure storageof data and credentials. These devices can include mobile devices, suchas smart phones, tablets, smartwatches, and activity tracking devices.

The device manufacturer 130 can embed the secure element 112 into thedevice 132. The device manufacturer 130 can provide the secure element112 with the microchip certificate 114 during a manufacturing process.After the microchip certificate 114 has been loaded to the secureelement 112, the device manufacturer 130, or another entity, can write asecond identifier to the microchip certificate 114. For example, thesecond identifier can be a name-value pair which can be written to adiscretionary data field of Tag 53 of the microchip certificate 114. Forexample, the name value pair can include the name “CA” and the value canbe a SHA-1 hash of the modulus of the CA root public key of the CA rootcertificate 117 (e.g., the parent certificate). As such, the device 132may be able to be authenticated even if the microchip certificate 114does not does not include an identifier of the public key of the CA rootcertificate 117 in Tag 42 of the microchip certificate 114.

The device manufacturer 130 can then provide the device 132 to the user140. The user 140 of the device 132 may have an account with a serviceprovider 120 in order to receive information (e.g., data) or servicesfrom the service provider 120. In some embodiments, the user 140 mayenroll their device 132 with the service provider 120 in order to accessdata and services for their account. For example, the service provider120 may provide network access to the device 132, or the serviceprovider 120 may provide payment functionality to the device 132.

In order to prevent unauthorized access to their data and services, theservice provider 120 may require devices to be authenticated. Theservice provider 120 can implement an authentication server 122 forauthenticating devices using certificate chain validation. Devices,including the device 132, may communicate with the authentication server122 using a device reader 150. The device reader 150 may communicatewith the device 132 via electrical contacts of the secure element 112 orvia a contactless interface (e.g., a near-field communicationsinterface) of the secure element 112. The device reader 150 maycommunicate with the authentication server 122 over a communicationsnetwork.

In order to be authenticated, devices can provide their signedcertificates to the authentication server 122. In this embodiment, theauthentication server 122 stores numerous certificates forauthenticating a variety of different devices. As shown, theauthentication server 122 stores the CA root certificate 117 of themicrochip manufacturer 110. In some embodiments, the microchipmanufacturer 110 may have securely provided the CA root certificate 117to the service provider 120 or the authentication server 122 off-band.For example, the CA root certificate 117 can be written to a flash driveby the microchip manufacturer 110, and the CA root certificate 117 canbe transferred to the authentication server 122 from the flash drive. Assuch, the authenticity of the CA root certificate 117 is ensured. Inother embodiments, the CA root certificate 117 may be provided to theauthentication server 122 via secure (e.g., encrypted) networkcommunications.

The authentication server 122 also stores numerous other certificatesand the root certificates of other certificate authorities besides themicrochip manufacturer 110. For example, the authentication server 122can store a second CA root certificate 125 and numerous other unspecificCA root certificates. As shown in FIG. 1, the authentication server 122can store numerous unspecific CA root certificates as shown by theellipsis between the second CA root certificate 125 and the nth CA rootcertificate 127. In other embodiments, another computer or device mayauthenticate the device 132 instead of the authentication server 122.

The authentication server 122 may implement a method for authenticatingsecure elements using certificate chain validation. This improved methodenables the authentication server 122 to identify which parentcertificate corresponds to a received certificate even if the receivedcertificate does not include a CA identifier value in Tag 42. Theauthentication server 122 may determine which public key is the parentpublic key based on either a CA identifier value of Tag 42 or a hashvalue stored in Tag 53. The authentication server 122 can store a CApublic key lookup table 129 in order to determine the CA public keycorresponding to the received certificate by using the value stored inTag 53.

The CA public key lookup table 129 may associate each stored public witha CA identifier value and a hash value of the public key modulus.Accordingly, if the authentication server 122 receives a certificatecontaining a CA identifier value in Tag 42, it can look up thecorresponding CA root certificate based on the CA identifier valueassociations within the CA public key lookup table 129. In addition, ifthe authentication server 122 receives a certificate that does notcontain a CA identifier value in Tag 42, the authentication server canlook up the corresponding CA root certificate based on the hash valueassociations within the CA public key lookup table 129. In someembodiments, the CA identifier value associations and the hash valueassociations may be stored in separate tables. In some embodiments, theauthentication server 122 may also associate the values of the “Issuer”field of the certificate and the “Subject” field of the certificate forverification during the lookup.

The authentication server 122 can receive and store the CA rootcertificate 117. In response to receiving the CA root certificate 117,the authentication server 122 can extract the modulus from the publickey of the CA root certificate 117. The authentication server can thenperform a hashing algorithm (e.g., SHA-1) on the public key of the CAroot certificate 117 to obtain a hash value for the CA root certificate117. Upon obtaining the hash value for the CA root certificate 117, theauthentication server 122 may associate the hash value of the modulus ofthe public key of the CA root certificate 117 with the public key of theCA root certificate 117 in the CA public key lookup table 129. Theauthentication server 122 may also associate the hash value of themodulus of the public key of the CA root certificate 117 with the CAroot certificate 117 itself in the CA public key lookup table 129. Theauthentication server 122 may store the CA identifier values and thehash values of the CA public key lookup table 129 as base 64 encodedvalues. Thus, any of the associations mentioned above may occur via anassociation between the hash values (or other value derived from thepublic key) and the CA identifier values.

Using the CA public key lookup table 129, the authentication server 122may validate the microchip certificate 114 of the device 132. In someembodiments, the authentication server 122 may also verify that an“Issuer” field of the microchip certificate 114 and a “Subject” field ofthe microchip certificate 114 have the same value, format, andrepresentation as each other. The value of the issuer field and thevalue of the subject field of the microchip certificate 114 may bestored by the authentication server 122 with base 64 encoding. In someembodiments, these fields may also be used in the lookup performed bythe authentication server 122.

In this embodiment, the secure element 112 of the device 132 can sendits microchip certificate 114 to the authentication server 122 via thedevice reader 150. Upon receiving the microchip certificate 114, theauthentication server 122 can lookup the corresponding parentcertificate and perform a certificate chain validation process.

The authentication server 122 can extract both the CA identifier valuefrom Tag 42 of the microchip certificate 114 and the hash value from the“CA” field of Tag 53. Using the CA public key lookup table, theauthentication server 122 can determine whether a stored CA public keyis associated with the CA identifier value from Tag 42 or the hash valuefrom Tag 53. In this embodiment, the microchip certificate 114 may notcontain a CA identifier value in Tag 42 (e.g., Tag 42 is blank or null).However, the microchip certificate 114 may contain a hash value in Tag53. If the parent certificate cannot be identified based on the CAidentifier value of Tag 42, then the authentication server may attemptto identify the parent certificate using the hash value of the “CA”field of Tag 53.

Using the CA public key lookup table 129, the authentication server candetermine that the public key of the CA root certificate 117 isassociated with the microchip certificate 114 and that the CA rootcertificate 117 of the microchip manufacturer 110 is the parentcertificate of the microchip certificate 114. Accordingly,authentication server can use the public key of the CA root certificate117 in performing certificate chain validation of the microchipcertificate 114.

The authentication server 122 may authenticate the secure element 112and the device 132 if the microchip certificate 114 can be validatedusing the public key of the CA root certificate 117. If the secureelement 112 is authenticated, the service provider 120 may provide dataor services to the device 132 of the user 140.

In prior authentication systems, an authentication server may not beable to validate a child certificate if the certificate authority doesnot include the CA identifier value in Tag 42. As described above, thepresent embodiment improves upon prior authentication systems byincluding a hash value of the public key modulus of the parentcertificate in a “CA” field of Tag 53 of the child certificate. Thisenables the authentication server to look up the parent certificateusing either the CA identifier value in Tag 42 or the hash value in Tag53. Thus, the present embodiment enables certificates lacking the CAidentifier value in Tag 42 to be authenticated, which was previouslyimpractical or impossible. The system 100 is especially advantageousbecause the secure element 112 can store the sensitive accountinformation that needs to be used for receiving data or services fromthe service provider 120. As such, the service provider 120 may need toauthenticate the secure element 112 itself and not any other componentof the device 132. Another advantage is that certain microchipmanufacturers do not have to break backwards compatibility in theirprocesses in order to provide the CA identifier values in Tag 42.

Methods for identifying the parent certificate for authentication of thechild certificate are described in further detail below.

B. Method for Authenticating Secure Elements Using Certificate ChainValidation

As discussed above, some certificates may not include a CA identifiervalue in Tag 42. In this case, a hash value may be included (in the “CA”field of Tag 53 of the certificate) to identify the parent certificate.An authentication server may associate a public key of a CA rootcertificate with both a CA identifier value and a hash value of themodulus of the public key of the CA root certificate. Then, when theauthentication server receives a child certificate for validation, itcan look up the corresponding parent certificate using either the CAidentifier value or the hash value of the modulus of the public key ofthe CA root certificate.

FIG. 2 shows an authentication method 200 that includes identifying aparent certificate for validating a child certificate, according to someembodiments. Method 200 can determine whether a device providing acertificate is authenticated. Method 200 may be performed by theauthentication server 122 in the system 100 described above with respectto FIG. 1. As shown in FIG. 2, the method 200 begins at step 201 andincludes YES/NO decision steps at 204, 206, 210, and 212.

At step 201, method 200 comprises receiving a certificate. The receivedcertificate may be received at an authentication server from a device ora secure element of the device. The certificate may be signed by a CAroot private key of a certificate authority and may be validated using aCA root certificate of the certificate authority. As such, thecertificate may be a child certificate and the CA root certificate maybe the parent certificate of the received certificate for certificatechain validation.

At step 202, method 200 may comprise extracting a CA identifier valueand/or a hash value from the received certificate. The CA identifiervalue may be extracted from Tag 42 of the certificate, and the hashvalue may be extracted from a “CA” field in Tag 53 of the certificate.The CA identifier value and the hash value may be base 64 encoded.

At step 203, method 200 comprises looking up the parent public key usingthe CA identifier. The CA identifier may be associated with the parentpublic key in a lookup table as described above with reference toFIG. 1. The lookup table may include associations for each CA public keyused for authentication. These associations may be created when each ofthe CA root certificates (containing the CA public key) is received.

At decision step 204, method 200 comprises determining whether theparent public key can be identified using the CA identifier. Asdiscussed herein, certain certificates may not include a CA identifierin Tag 42 (e.g., the CA identifier value may be null). Consequently, theparent certificate may not be identifiable based on the CA identifier ofthe certificate. However, typical certificates may include the CAidentifier in Tag 42, and the parent certificate may be identified usingthe CA identifier value (e.g., because the CA identifier value isassociated in a CA public key lookup table).

If the parent public key can be identified using the CA identifier ofthe certificate, the method continues to step 205 (the YES decisionpath). If the parent public key cannot be identified using the CAidentifier of the certificate, then the method continues to step 209(the NO decision path).

At step 205, method 200 comprises validating the child certificate usingthe parent public key identified at step 204. The child certificate maybe validated using a certificate chain validation process. Typically,the child certificate will be validated because the CA signed the childcertificate using the CA private key corresponding to the public key ofthe identified parent certificate. However, in some cases, thecertificate may no longer be valid, or the CA root certificate may nolonger be valid, or there may have been some other error.

At decision step 206, method 200 makes a decision based on whether thechild certificate was valid or not. If the child certificate is valid,then the result 207 of the method 200 is that device that provided thechild certificate is authenticated (the YES decision path). If the childcertificate is not valid, then the result 208 of the method 200 is thatthe device that provided the child certificate is not authenticated (theNO decision path).

As discussed above, if at step 204 the parent public key cannot beidentified using the CA identifier of the child certificate, then method200 continues to step 209. At step 209, the method 200 comprises lookingup the parent public key using the hash value. The lookup table mayinclude has value associations for each CA public key that is used forauthentication. These hash values may be a hash value of a modulus ofthe associated CA public key. These associations may be created wheneach of the CA root certificates (containing the CA public key) isreceived.

At decision step 210, method 200 comprises determining whether theparent public key can be identified using the hash value of the childcertificate. As discussed herein, certain certificates may not include aCA identifier in Tag 42 (e.g., the CA identifier value may be null) butmay instead contain a hash value in a “CA” field of Tag 53 of thecertificate to use for identifying the corresponding CA public key.

If the parent public key can be identified using the hash value of thecertificate, method 200 continues to step 211 (the YES decision path).If the parent public key cannot be identified using the hash of thecertificate, then the result 215 of method 200 is that the device thatprovided the child certificate is not authenticated (the NO decisionpath).

At step 211, method 200 comprises validating the child certificate usingthe parent public key identified at step 209. The child certificate maybe validated using a certificate chain validation process. Typically,the child certificate will be validated because the CA signed the childcertificate using the CA private key corresponding to the public key ofthe identified parent certificate. However, in some cases, thecertificate may no longer be valid, or the CA root certificate may nolonger be valid, or there may have been some other error.

At decision step 212, method 200 makes a decision based on whether thechild certificate was valid or not. If the child certificate is valid,then the result 213 of method 200 is that device that provided the childcertificate is authenticated (the YES decision path). If the childcertificate is not valid, then the result 214 of method 200 is that thedevice that provided the child certificate is not authenticated (the NOdecision path).

II. Exemplary Computer Systems for Authentication

As discussed above, a device may contain a secure element microchip forsecurely storing sensitive data. For example, the secure elementmicrochip of the device can store a microchip certificate forauthentication of the secure element microchip of the device. Asdiscussed above with reference to FIG. 1, the device may provide themicrochip certificate to an authentication server in order toauthenticate the device. The microchip certificate can contain a hashvalue or other identifier value such that the authentication server canidentify the certificate authority of the device's secure element. Asfurther described below, the device and the authentication servercontain numerous electronic components to perform the processesdescribed herein.

A. Exemplary Device with Secure Element

FIG. 3 shows a block diagram of components of a device 332 including asecure element 312, according to some embodiments. The variouscomponents may be embodied by computer hardware or computer code storedon a non-transitory computer readable storage medium. The device 332 maybe implemented in a system for authenticating with an authenticationserver as described above with reference to FIG. 1.

The device 332 can comprise one or more processor circuits 302. Theprocessor circuit 302 may execute instructions to perform the functionsof the device described herein (e.g., communicating with an accessserver). The processor circuit 302 may be coupled to one or more memoryunits 304 that can store data and instructions. The memory unit 304 maybe non-transitory computer-readable storage medium. The processorcircuit 302 can read data from the memory unit 304 and write data to thememory unit 304. For example, the processor circuit 302 may readinstructions from the memory unit 304 and execute the instructions toperform the functions of the devices described herein.

The device 332 can also comprise a device communication interface 306.The device communication interface 306 may receive communications from acommunication interface of another computer, such as communications froman authentication server. The device communication interface 306 mayalso transmit communications to another computer. In some embodiments,the device communication interface 306 is capable of wirelesscommunications (e.g., cellular or Wi-Fi). In other embodiments, thedevice communication interface 306 is capable of bluetoothcommunications or near-field communications. In other embodiments, thedevice communication interface 306 is capable of Ethernetcommunications.

The device 332 can also comprise a secure element 312. The secureelement 312 is a tamper-resistant platform capable of securely executingapplications and storing data (e.g. cryptographic keys). In someembodiments, the secure element 312 is embedded within the device 332.In other embodiments, the secure element 312 is included in a subscriberidentity module (SIM) that can be electrically coupled to the device332.

The secure element 312 can comprise a microprocessor 313. Themicroprocessor 313 may execute instructions to perform the functions ofthe secure element described herein (e.g., securely storing a microchipcertificate and providing the microchip certificate to an authenticationserver). The microprocessor 313 of the secure element 312 can executeinstructions independent of the processor 302 of the device 332.

The microprocessor 313 or the secure element may communicate with theprocessor 302 of the device 332 using a microchip communicationinterface 314. The processor 302 of the device 332 may not directlyaccess a secure memory 320 of the secure element 312. Instead, theprocessor 302 of the device 332 can communicate with the microprocessor313 using request-response type communications wherein the processor 302requests data from the microprocessor 313. The microchip communicationinterface 314 may also be used to communicate with a device reader asdiscussed above with reference to FIG. 1. For example, themicroprocessor 313 may use the microchip communication interface 314 tosend the microchip certificate 350 to a device reader. In someembodiments, the microchip communication interface 314 is be capable ofnear-field communications.

The microprocessor 313 can read and write data to the secure memory 320of the secure element. The secure memory 320 can be non-transitorycomputer-readable storage medium. The microprocessor 313 can readexecutable instructions from the secure memory 320. The secure element312 may be secure because data stored within the secure memory 320 ofthe secure element 312 cannot be directly accessed. Instead, the data ofthe secure memory 320 can only be accessed via requests made to themicroprocessor 313 of the secure element 312. The microprocessor 313 canimplement a set of rules and requirements for accessing data stored inthe secure memory 320.

The secure memory 320 of the secure element 312 can store a microchipprivate key 340 and a microchip certificate 350. The microchipcertificate 350 can contain a microchip public key 351 corresponding tothe microchip private key 340 (e.g., the microchip public key 351 andthe microchip private key 340 form a public-private key pair). Themicrochip certificate 350 can also contain a signature 352. Thesignature 352 can be created by the certificate authority of the secureelement 312 signing the microchip certificate 350 using a certificateauthority private key of the certificate authority as described above.The microchip certificate 350 can be used for authenticating the secureelement 312 as described above with respect to FIG. 1 and FIG. 2.

The microchip certificate 350 can also contain certificate tags 360. Thecertificate tags 360 can include “Tag 42” 361 and “Tag 53” 362. In someembodiments, “Tag 42” can contain a CA Identifier value that identifiesthe certificate authority that signed the certificate (e.g., the CAidentifier value can be used to identify the public key of thecertificate authority that can be used to validate the microchipcertificate 350). In some embodiments, “Tag 53” can contain a name-valuepair of “CA” and a hash value of the modulus of the public key of thecertificate authority that signed the microchip certificate 350. Thehash value of “Tag 53” can be used to identify the public key of thecertificate authority which can be used to validate the microchipcertificate 350 using a certificate chain validation process.

Using the components described above, the secure element 312 of thedevice 332 can provide the microchip certificate 350 to anauthentication server for authentication of the secure element 312 andthe authentication server can identify the CA public key to use forvalidating the microchip certificate 350 based on the CA identifiervalue of “Tag 42” or the hash value of “Tag 53” as discussed above.

B. Exemplary Authentication Server

FIG. 4 shows a block diagram of components of an authentication server442, according to some embodiments. The various components of theauthentication server 442 may be embodied by computer hardware orcomputer code stored on a non-transitory computer readable storagemedium. The authentication server 442 may be implemented in a system forauthenticating a device as described above with reference to FIG. 1. Theauthentication server 442 may also implement the method for identifyinga parent certificate for validation of a child certificate as describedabove with reference to FIG. 2.

The authentication server 442 can comprise one or more processorcircuits 402. The processor circuit 402 may execute instructions toperform the functions of the authentication server described herein(e.g., identifying a CA public key and validating a certificate). Theprocessor circuit 402 may be coupled to one or more memory units 404that can store data and instructions. The memory unit 404 may benon-transitory computer-readable storage medium. The processor circuit402 can read data from the memory unit 404 and write data to the memoryunit 404. For example, the processor circuit 402 may read instructionsfrom the memory unit 404 and execute the instructions to perform thefunctions of the devices described herein.

The memory unit 404 can store a plurality of certificates 411 forperforming certificate chain validation as discussed above. The memoryunit 404 can also store associations of identifiers and certificates413. For example, a particular CA identifier value can be associatedwith a particular certificate of the plurality of certificates 411. Asdiscussed above with reference to FIG. 2, an authentication server canreceive a certificate, extract a CA identifier value from Tag 42 of thecertificate, and use the CA identifier value to identify the parentcertificate based on associations of identifiers and certificates 413.In some embodiments, the associations of identifiers and certificates413 can be in the form of a table.

The memory unit 404 can also store associations of hash values andcertificates 415. For example, a particular hash value can be associatedwith a particular certificate of the plurality of certificates 411. Asdiscussed above with reference to FIG. 2, an authentication server canreceive a certificate, extract a hash value from Tag 53 of thecertificate, and use the hash value to identify the parent certificatebased on associations of hash values and certificates 413. As describedabove, the hash value may be a hash of the modulus of the public key ofthe parent certificate. In some embodiments, associations of hash valuesand certificates 415 can be in the form of a table.

The authentication server 442 can also comprise a server communicationinterface 406. The server communication interface 406 can receivecommunications from a communication interface of another computer orcomputing device, such as communications from a device or device reader.The server communication interface 406 may also transmit communicationsto another computer or computing device. In some embodiments, the servercommunication interface 406 is capable of wireless communications (e.g.,cellular or Wi-Fi). In other embodiments, the server communicationinterface 406 is capable of Ethernet communications.

III. Exemplary Method for Authentication

FIG. 5 shows a flowchart 500 of a method for identifying a parentcertificate and validating a child certificate, according to someembodiments. The method may be performed by an authentication server asdescribed above with reference to FIG. 1, FIG. 2, and FIG. 4.

At step 501, a parent certificate including a public key is obtained.The parent public key can comprising a public key modulus. The methodfurther includes the step 502 of associating a first identifier valuewith the parent certificate.

The method further includes the step 503 of obtaining a first hash valuethat is a hash of a public key modulus of the public key of the parentcertificate. In some embodiments, the first hash value of the parentpublic key modulus is obtained by hashing the parent public key modulusof the public key of the parent certificate to obtain the first hashvalue. The method further includes the step 504 of associating the firsthash value with the parent certificate.

The method further includes the step 505 of receiving a childcertificate from the device. The child certificate can contain anidentifier field and a data field. The identifier field can comprise asecond identifier value which is different from the first identifiervalue. The data field can comprise a second hash value which is the sameas the first hash value associated with the parent certificate. In someembodiments, the method includes the step of extracting the secondidentifier value from the child certificate.

In some embodiments, the data field of the child certificate cancomprise a name-value pair, which comprising a name and a value. In someembodiments, the name can be “CA” and the value can be the second hashvalue, where the second hash value is the same as the first hash valueof the public key modulus of the parent public key of the parentcertificate. In some embodiments, the data field can further comprise afirst tag which is “Tag 53” and the identifier field can comprise asecond tag which is “Tag 42.”

The method further includes the step 506 of determining that the secondidentifier value of the child certificate is not associated with thepublic key. In some embodiments, the method further includes the step ofcomparing the second identifier value from the child certificate to oneor more identifier values that are respectively associated with one ormore parent public keys. In some embodiments, the method furtherincludes the step of determining that the second identifier value fromthe child certificate is not equal to any of the one or more identifiervalues that are respectively associated with one or more parent publickeys.

The method further includes the step 507 of determining that the secondhash value of the data field of the child certificate is associated withthe public key. In some embodiments, the method includes the step ofextracting the second hash value from the child certificate. In someembodiments, the method further includes the step of comparing thesecond hash value from the child certificate to one or more hash valuesthat are respectively associated with one or more parent public keys. Insome embodiments, the method further comprises the step of determiningthat the second hash value from the child certificate is equal to thefirst hash value that is associated with the parent public key. In someembodiments the determination that the second hash value of the datafield of the child certificate is associated with the parent public keyis performed after the determination that the second identifier value ofthe child certificate is not associated with the parent public key. Insome embodiments, the identification of the parent certificate is basedon the second hash value from the child certificate being equal to thefirst hash value that is associated with the parent public key and theparent public key being the parent public key of the parent certificate.

In some embodiments, the associating of the first identifier value withthe parent public key comprises associating the first identifier valuewith the parent public key in a table, and wherein the associating ofthe first hash value with the parent public key comprises associatingthe first hash value with the parent public key in the table. In someembodiments, the method further includes using the second identifiervalue to lookup a first associated public key in the table where thesecond identifier value is not associated with any certificate in thetable. In some embodiments, the method further includes using the secondhash value to lookup a second associated public key in the table wherethe second hash value is associated with the parent public key in thetable.

The method further includes the step 508 of identifying the parentpublic key based on the second hash value. The method further includesthe step 509 of validating the child certificate using the parentcertificate. In some embodiment, the method further includes providing atoken to the device in response to the validation of the childcertificate.

IV. Authentication of Certificates for Provisioning

The methods described above may be used by a token manager toauthenticate a microchip certificate that may not have an identifier ofits certificate authority. FIG. 6 shows a message flow diagram 600 forauthenticating a secure element microchip 640, according to someembodiments. The system includes a controlling authority computer 630that can act as the certificate authority for the secure elementmicrochip 640. The controlling authority may be the manufacturer of thesecure element microchip 640. The system also includes a serviceprovider computer 620 which can provide services to the secure elementmicrochip 640. The service provider computer 620 may provide paymentprocessing services, for example. The system also includes a tokenmanager computer 650 that can provision a token or authenticationcertificate to the secure element microchip 640. The system alsoincludes a service provider configuration portal computer 660 that canprovide public certificate authority public keys to service providers.

The controlling authority computer 630 can store a controlling authoritypublic key 631 and a controlling authority private key 632 thatcorresponds to the controlling authority public key 631. The controllingauthority public key 631 and the controlling authority private key 632can form a key pair. The controlling authority public key 631 caninclude a modulus and an exponent. The secure element microchip 640 canstore a chip public key 641 and a corresponding chip private key 642.The chip public key 641 and the chip private key 642 can form a keypair. At 601, the controlling authority computer can sign the chippublic key 641 of the secure element microchip to create a chipcertificate 643. As such, the controlling authority computer 630 can actas the certificate authority of the secure element microchip 640 sincethe controlling authority public key 631 can be used to verify thesignature of the chip certificate 643. The controlling authoritycomputer 630 can provide the chip certificate to the secure elementmicrochip 640, which can secure store it.

However, the chip certificate 643 generated by the controlling authoritycomputer 630 may not include a certificate authority identifier (e.g., aCA identifier in Tag 42 of the chip certificate 643). that identifiesthe controlling authority computer 630 as the certificate authority ofthe chip certificate 643. The controlling authority computer 630 may notinclude a certificate authority identifier in the chip certificate 643for various reasons. For example, including the certificate authorityidentifier in the chip certificate 643 might change an existingcertificate generation process of the controlling authority and the newprocess might break compatibility with other processes of thecontrolling authority. Instead of including a CA identifier value in thechip certificate 643, the controlling authority computer 630 can includea hash value that identifies the controlling authority computer 630 asthe certificate authority. The controlling authority computer 630 cancreate the hash value by performing a hash function on the modulus ofthe controlling authority public key 631. The hash value can be includedwithin a discretionary data field of the chip certificate 643. Forinstance, the hash value can be included within a name-value pair of Tag53 of the chip certificate 653 where the name is “CA” and thecorresponding value is the hash value of the modulus of the controllingauthority public key 631.

The controlling authority computer 630 can also be the certificateauthority for the service provider computer 620. As the certificateauthority, the controlling authority computer 630 can be the signer ofthe certificate of the service provider computer 620. To create thesigned certificate, at 602, the service provider computer 620 can sendthe service provider public key 621 to the controlling authoritycomputer 630. Then, at 603, the controlling authority computer 630 canreceive the service provider public key 621 from the service providercomputer 620 and sign the service provider public key 621 using thecontrolling authority private key 632 to create a service providercertificate 622. As such, the signature of the service providercertificate 622 can be verified using the controlling authority publickey 631. The controlling authority computer 630 can then send theservice provider certificate 622 to the service provider computer 620,which can receive and store the service provider certificate 622.

At 604, the secure element 640 can generate a randomly generated key(RGK). The secure element 640 can send the RGK and the chip certificate643 to the service provider computer 620. In some embodiments, the tokenmanager computer 650 can generate the RGK and send it to the serviceprovider computer 620, instead of the secure element 640. The RGK can berandomly generated according to a size requirement (e.g., 128 bits). TheRGK can be a base initial key for deriving child keys. For example, theRGK can be used in a key derivation function (KDF) to generate symmetrickeys to be used for securing data communication sessions.

At 605, the service provider computer 620 can encrypt the RGK using atoken manager public key 651 of the token manager computer 650. The RGKcan be encrypted by asymmetric RSA keys of 2048 bit size. The RGK isencrypted to provide data protection and confidentiality for thetransmission of the RGK from the service provider computer 620 to thetoken manager computer 650. The service provider computer 620 can sendthe encrypted RGK and the chip certificate 643 to the token managercomputer 650. In some embodiments, the chip certificate 643 can also beencrypted by the service provider computer 620. The token managercomputer 650 can receive the encrypted RGK and the chip certificate 643from the service provider computer 620.

At 606, the token manager computer 650 can decrypt the encrypted RGKusing the token manager private key 652 that corresponds to the tokenmanager public key 651. The token manager computer 650 can use the RGKto perform key derivation function operations to derive symmetric keysfor use in secure operations. In order to validate the chip certificate643, the token manager computer 650 can identify the certificateauthority for authenticating the chip certificate 643. The token managercomputer 650 can use the authentication method described above withrespect to FIG. 2 in order to identify that the controlling authoritycomputer 630 is the certificate authority of the chip certificate 643.For example, the controller authority computer 630 can be identifiedbased on an identifier stored in Tag 42 or Tag 53 of the chipcertificate 643.

After identifying the controlling authority, the token manager computer650 can authenticate the chip certificate 643 using the controllingauthority public key 631 and the chip public key 641 which is includedin the chip certificate 643. In response to verifying the chipcertificate 643, the token manager computer 650 can verify the signatureof the signed RGK using the chip public key 641. In response toverifying the signature of the signed RGK, the token manager computer650 can provide a token, an authentication certificate, or other data tothe secure element microchip 640.

At 607, the token manager computer 650 can send the controllingauthority public key 631 to the portal computer 660. The portal computer660 can receive the controlling authority public key 631 from the tokenmanager computer 650. The portal computer 660 can store the controllingauthority public key 631 and provide it to other service providercomputers upon request in order to authenticate the chip certificate643.

As such, the secure element microchip 640 can authenticate with a tokenmanager computer 650 using a certificate which does not include a CAidentifier value (e.g., chip certificate 643, which may not include a CAidentifier value within Tag 42) in order to receive a token from thetoken manager computer 650.

The above description is illustrative and is not restrictive. Manyvariations of the invention may become apparent to those skilled in theart upon review of the disclosure. The scope of the invention may,therefore, be determined not with reference to the above description,but instead may be determined with reference to the pending claims alongwith their full scope or equivalents.

It should be understood that any of the embodiments of the presentinvention can be implemented in the form of control logic using hardware(e.g. an application specific integrated circuit or field programmablegate array) and/or using computer software with a generally programmableprocessor in a modular or integrated manner. As used herein, a processorincludes a single-core processor, multi-core processor on a sameintegrated chip, or multiple processing units on a single circuit boardor networked. Based on the disclosure and teachings provided herein, aperson of ordinary skill in the art will know and appreciate other waysand/or methods to implement embodiments of the present invention usinghardware and a combination of hardware and software.

Any of the software components or functions described in thisapplication may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C, C++, C#, Objective-C, Swift, or scripting language such as Perlor Python using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructionsor commands on a computer readable medium for storage and/ortransmission. A suitable non-transitory computer readable medium caninclude random access memory (RAM), a read only memory (ROM), a magneticmedium such as a hard-drive or a floppy disk, or an optical medium suchas a compact disk (CD) or DVD (digital versatile disk), flash memory,and the like. The computer readable medium may be any combination ofsuch storage or transmission devices.

Storage media and computer-readable media for containing code, orportions of code, can include any appropriate media known or used in theart, including storage media and communication media, such as but notlimited to volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information such as computer-readable instructions, data structures,program modules, or other data, including RAM, ROM, EEPROM, flash memoryor other memory technology, CD-ROM, digital versatile disk (DVD) orother optical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, data signals, datatransmissions, or any other medium which can be used to store ortransmit the desired information and which can be accessed by thecomputer. Based on the disclosure and teachings provided herein, aperson of ordinary skill in the art will appreciate other ways and/ormethods to implement the various embodiments.

Such programs may also be encoded and transmitted using carrier signalsadapted for transmission via wired, optical, and/or wireless networksconforming to a variety of protocols, including the Internet. As such, acomputer readable medium according to an embodiment of the presentinvention may be created using a data signal encoded with such programs.Computer readable media encoded with the program code may be packagedwith a compatible device or provided separately from other devices(e.g., via Internet download). Any such computer readable medium mayreside on or within a single computer product (e.g. a hard drive, a CD,or an entire computer system), and may be present on or within differentcomputer products within a system or network. A computer system mayinclude a monitor, printer, or other suitable display for providing anyof the results mentioned herein to a user.

Any of the methods described herein may be totally or partiallyperformed with a computer system including one or more processors, whichcan be configured to perform the steps. Thus, embodiments can bedirected to computer systems configured to perform the steps of any ofthe methods described herein, potentially with different componentsperforming a respective steps or a respective group of steps. Althoughpresented as numbered steps, steps of methods herein can be performed ata same time or in a different order. Additionally, portions of thesesteps may be used with portions of other steps from other methods. Also,all or portions of a step may be optional. Additionally, any of thesteps of any of the methods can be performed with modules, units,circuits, or other means for performing these steps.

The specific details of particular embodiments may be combined in anysuitable manner without departing from the spirit and scope ofembodiments of the invention. However, other embodiments of theinvention may be directed to specific embodiments relating to eachindividual aspect, or specific combinations of these individual aspects.

The above description of example embodiments of the invention has beenpresented for the purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formdescribed, and many modifications and variations are possible in lightof the teaching above.

A recitation of “a”, “an” or “the” is intended to mean “one or more”unless specifically indicated to the contrary. The use of “or” isintended to mean an “inclusive or,” and not an “exclusive or” unlessspecifically indicated to the contrary.

All patents, patent applications, publications, and descriptionsmentioned herein are incorporated by reference in their entirety for allpurposes. None is admitted to be prior art.

What is claimed is:
 1. A method for authenticating a device by anauthentication server, the method comprising: obtaining a parentcertificate including a parent public key, the parent public keycomprising a public key modulus; associating a first identifier valuewith the parent public key; obtaining a first hash value of the publickey modulus of the parent public key; associating the first hash valuewith the parent public key; receiving a child certificate from thedevice, the child certificate containing an identifier field, a datafield, and a signature based on the identifier field and not based onthe data field, the identifier field comprising a second identifiervalue, the second identifier value being different from the firstidentifier value, the data field comprising a second hash value, thesecond hash value of the data field of the child certificate being thesame as the first hash value associated with the parent public key;determining that the second identifier value of the identifier field ofthe child certificate is not associated with the parent public key;determining that the second hash value of the data field of the childcertificate is associated with the parent public key; identifying theparent public key based on the second hash value; and validating thechild certificate using the parent public key.
 2. The method of claim 1,wherein the data field of the child certificate comprises a name-valuepair, the name-value pair comprising a name and a value, the name being“CA” and the value being the second hash value, the second hash valuebeing the same as the first hash value of the public key modulus of theparent public key of the parent certificate.
 3. The method of claim 2,wherein the data field further comprises a first tag, the first tagbeing “Tag 53,” and wherein the identifier field comprises a second tag,the second tag being “Tag 42.”
 4. The method of claim 1, furthercomprising: extracting the second identifier value from the childcertificate; comparing the second identifier value from the childcertificate to one or more identifier values that are respectivelyassociated with one or more parent public keys, the one or moreidentifier values respectively associated with the one or more parentpublic keys including the first identifier value that is associated withthe parent public key; and determining that the second identifier valuefrom the child certificate is not equal to any of the one or moreidentifier values that are respectively associated with the one or moreparent public keys.
 5. The method of claim 1, further comprising:extracting the second hash value from the child certificate; comparingthe second hash value from the child certificate to one or more hashvalues that are respectively associated with one or more parent publickeys, the one or more hash values respectively associated with the oneor more parent public keys including the first hash value that isassociated with the parent public key; and determining that the secondhash value from the child certificate is equal to the first hash valuethat is associated with the parent public key, wherein the identifyingof the parent certificate is further based on the second hash value fromthe child certificate being equal to the first hash value that isassociated with the parent public key and the parent public key beingthe parent public key of the parent certificate.
 6. The method of claim1, wherein the determining that the second hash value of the data fieldof the child certificate is associated with the parent public key isperformed after the determining that the second identifier value of thechild certificate is not associated with the parent public key.
 7. Themethod of claim 1, wherein the associating of the first identifier valuewith the parent public key comprises associating the first identifiervalue with the parent public key in a table, and wherein the associatingof the first hash value with the parent public key comprises associatingthe first hash value with the parent public key in the table.
 8. Themethod of claim 7, further comprising: using the second identifier valueto lookup a first associated public key in the table, wherein the secondidentifier value is not associated with any certificate in the table;and using the second hash value to lookup a second associated public keyin the table, wherein the second hash value is associated with theparent public key in the table.
 9. The method of claim 1, wherein theobtaining of the first hash value of the public key modulus compriseshashing the parent public key modulus of the parent public key of theparent certificate to obtain the first hash value.
 10. The method ofclaim 1, further comprising providing a token to the device in responseto the validating of the child certificate.
 11. The method of claim 1,wherein the second identifier value is zero, empty, or null.
 12. Asystem for authenticating a device, comprising: a processor; and amemory storing a set of instructions which, when executed by theprocessor, cause the processor to: obtain a parent certificate includinga parent public key, the parent public key comprising a public keymodulus; associate a first identifier value with the parent public key;obtain a first hash value of the public key modulus of the parent publickey; associate the first hash value with the parent public key; receivea child certificate from the device, the child certificate containing anidentifier field, a data field, and a signature based on the identifierfield and not based on the data field, the identifier field comprising asecond identifier value, the second identifier value being differentfrom the first identifier value, the data field comprising a second hashvalue, the second hash value of the data field of the child certificatebeing the same as the first hash value associated with the parent publickey; determine that the second identifier value of the identifier fieldof the child certificate is not associated with the parent public key;determine that the second hash value of the data field of the childcertificate is associated with the parent public key; identify theparent public key based on the second hash value; and validate the childcertificate using the parent public key.
 13. The system of claim 12,wherein the data field of the child certificate comprises a name-valuepair, the name-value pair comprising a name and a value, the name being“CA” and the value being the second hash value, the second hash valuebeing the same as the first hash value of the public key modulus of theparent public key of the parent certificate.
 14. The system of claim 13,wherein the data field further comprises a first tag, the first tagbeing “Tag 53,” and wherein the identifier field comprises a second tag,the second tag being “Tag 42.”
 15. The system of claim 12, wherein theset of instructions further includes instructions that, when executed bythe processor, cause the processor to: extract the second identifiervalue from the child certificate; compare the second identifier valuefrom the child certificate to one or more identifier values that arerespectively associated with one or more parent public keys, the one ormore identifier values respectively associated with the one or moreparent public keys including the first identifier value that isassociated with the parent public key; and determine that the secondidentifier value from the child certificate is not equal to any of theone or more identifier values that are respectively associated with theone or more parent public keys.
 16. The system of claim 12, wherein theset of instructions further includes instructions that, when executed bythe processor, cause the processor to: extract the second hash valuefrom the child certificate; compare the second hash value from the childcertificate to one or more hash values that are respectively associatedwith one or more parent public keys, the one or more hash valuesrespectively associated with the one or more parent public keysincluding the first hash value that is associated with the parent publickey; and determine that the second hash value from the child certificateis equal to the first hash value that is associated with the parentpublic key, wherein the identifying of the parent certificate is furtherbased on the second hash value from the child certificate being equal tothe first hash value that is associated with the parent public key andthe parent public key being the parent public key of the parentcertificate.
 17. The system of claim 12, wherein the determination thatthe second hash value of the data field of the child certificate isassociated with the parent public key is performed after the determiningthat the second identifier value of the child certificate is notassociated with the parent public key.
 18. The system of claim 12,wherein the set of instructions further includes instructions that, whenexecuted by the processor, cause the processor to: associate the firstidentifier value with the parent public key in a table; and associatethe first hash value with the parent public key in the table.
 19. Thesystem of claim 18, wherein the set of instructions further includesinstructions that, when executed by the processor, cause the processorto: use the second identifier value to lookup a first associated publickey in the table, wherein the second identifier value is not associatedwith any certificate in the table; and use the second hash value tolookup a second associated public key in the table, wherein the secondhash value is associated with the parent public key in the table. 20.The system of claim 12, wherein the set of instructions further includesinstructions that, when executed by the processor, cause the processorto hash the public key modulus of the parent public key of the parentcertificate to obtain the first hash value.
 21. The system of claim 12,wherein the set of instructions further includes instructions that, whenexecuted by the processor, cause the processor to provide a token to thedevice in response to the validating of the child certificate.